CVE-2025-41025

Stored Cross-Site Scripting XSS in Poultry Farm Management System v1.0 due to the lack of proper validation of user input by sending a POST request. The relationship between parameters and assigned identifiers is as follows: 'category' y 'product' parameters in '/farm/sellproduct.php'...

CVE-2023-40518

LiteSpeed OpenLiteSpeed before 1.7.18 does not strictly validate HTTP request headers...

CVE-2022-23771

This vulnerability occurs in user accounts creation and deleteion related pages of IPTIME NAS products. The vulnerability could be exploited by a lack of validation when a POST request is made to this page. An attacker can use this vulnerability to or delete user accounts, or to escalate arbitrar...

CVE-2019-25259

CVE-2019-25259 affects Leica Geosystems GR10/GR25/GR30/GR50 GNSS software (version 4.30.063). The vulnerability is a cross-site request forgery that allows attackers to trigger administrative actions without proper request validation by tricking authenticated users into submitting malicious reque...

WordPress plugin Import into Easy Property Listings 跨站请求伪造漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is ...

PT-2025-53333

Name of the Vulnerable Software and Affected Versions Beward N100 H.264 VGA IP Camera version M2.1.6 Description The Beward N100 H.264 VGA IP Camera version M2.1.6 contains a cross-site request forgery issue. This allows attackers to perform administrative actions without proper validation of...

PT-2025-53375

Teradek Slice 7.3.15 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft a malicious web page that automatically submits password change requests to the device when a logged-in user...

Devolo dLAN 500 AV Wireless+ 安全漏洞

Devolo dLAN 500 AV Wireless+ is a powerline communication adapter from Devolo, Germany. A security vulnerability exists in the Devolo dLAN 500 AV Wireless+ version 3.1.0-1 that stems from a lack of proper request validation and could lead to a cross-site request forgery attack...

PT-2025-53338

Name of the Vulnerable Software and Affected Versions Teradek VidiU Pro version 3.0.3 Description The Teradek VidiU Pro software contains a cross-site request forgery issue. This allows attackers to alter administrative passwords due to insufficient validation of requests. An attacker can create...

Beward N100 安全漏洞

Beward N100 is an IP camera from the Russian company Beward. A security vulnerability exists in Beward N100 version M2.1.6, which stems from a lack of proper request validation and could lead to a cross-site request forgery attack...

BTicino Legrand BTicino Driver Manager 安全漏洞

BTicino Legrand BTicino Driver Manager is a gateway integration and protocol conversion software from BTicino, Italy. A security vulnerability exists in BTicino Legrand BTicino Driver Manager that stems from a lack of proper request validation and could lead to cross-site request forgery attacks...

Synaccess netBooter NP-0801DU 安全漏洞

Synaccess netBooter NP-0801DU is an intelligent power controller from Synaccess, Inc. A security vulnerability exists in Synaccess netBooter NP-0801DU version 7.4, which stems from a lack of request validation and could lead to cross-site request forgery attacks...

ROS-20251223-7324

A vulnerability in the urllib.parse.urlsplit and urlparse functions of the Python programming language interpreter is related to insufficient validation of incoming requests. Exploitation of the vulnerability could allow an attacker acting remotely to affect data integrity...

CVE-2025-20393

A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to execute arbitrary system commands on an affected device with root privileges. This vulnerability is due...

UBICOD Medivision Digital Signage 跨站请求伪造漏洞

UBICOD Medivision Digital Signage is a digital signage software for healthcare environments from UBICOD Medivision, a South Korean company. A cross-site request forgery vulnerability exists in UBICOD Medivision Digital Signage version 1.5.1, which stems from a lack of request validation and could...

Cross-Site Request Forgery (CSRF)

com.liferay, com.liferay.change.tracking.web is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to insufficient request-validation mechanisms, which allows an attacker to trick users into unknowingly performing actions that add or edit publication comments...

ROS-20251117-04

A vulnerability in the LXD container and lightweight virtual machine management system is related to redundant API data output. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to potentially sensitive information The vulnerability in the LXD container and...

CVE-2025-41107

The CVE-2025-41107 entry describes a Stored XSS in Smart School 7.0 caused by insufficient validation of user input in a POST to /online_admission, affecting fields such as firstname, lastname, guardian_name, etc. The issue could allow a remote attacker to craft input that is processed by an auth...

EUVD-2020-0849

Malware in sbrugna...

EUVD-2019-10463

Malware in sbrugna...